CVE-2025-13490
MEDIUMIBM App Connect Operator - Info Disclosure
Title source: llmDescription
IBM App Connect Operator versions CD 11.3.0 through 11.6.0 and 12.1.0 through 12.20.0, LTS versions 12.0.0 through 12.0.20, and IBM App Connect Enterprise Certified Containers Operands versions CD 12.0.11.2‑r1 through 12.0.12.5‑r1 and 13.0.1.0‑r1 through 13.0.6.1‑r1, and LTS versions 12.0.12‑r1 through 12.0.12‑r20, contain a vulnerability in which the IBM App Connect Enterprise Certified Container transmits data in clear text, potentially allowing an attacker to intercept and obtain sensitive information through man‑in‑the‑middle techniques.
Scores
CVSS v3
5.9
EPSS
0.0002
EPSS Percentile
3.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Classification
CWE
CWE-319
Status
published
Affected Products (47)
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
ibm/app_connect_enterprise_certified_containers_operands
... and 32 more
Timeline
Published
Mar 03, 2026
Tracked Since
Mar 04, 2026